JakeWharton / u2020

A sample Android app which showcases advanced usage of Dagger among other open source libraries.
https://www.youtube.com/watch?v=0XHx9jtxIxU
Apache License 2.0

“Bad” SSLSocketFactory doesn’t work anymore #240

Closed arturdryomov closed 8 years ago

arturdryomov commented 8 years ago

When switching the endpoint to production, the data will not be fetched due to this exception. This happens most likely because the custom SSLSocketFactory does not work well with OkHttp 3.1.1. I think this can be related to square/okhttp#1360.

TrendingView: Failed to get trending repositories
TrendingView: javax.net.ssl.SSLPeerUnverifiedException: Failed to find a cert that signed Certificate:
TrendingView:     Data:
TrendingView:         Version: 3 (0x2)
TrendingView:         Serial Number:
TrendingView:             04:e1:e7:a4:dc:5c:f2:f3:6d:c0:2b:42:b8:5d:15:9f
TrendingView:     Signature Algorithm: sha256WithRSAEncryption
TrendingView:         Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
TrendingView:         Validity
TrendingView:             Not Before: Oct 22 12:00:00 2013 GMT
TrendingView:             Not After : Oct 22 12:00:00 2028 GMT
TrendingView:         Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA
TrendingView:         Subject Public Key Info:
TrendingView:             Public Key Algorithm: rsaEncryption
TrendingView:                 Public-Key: (2048 bit)
TrendingView:                 Modulus:
TrendingView:                 Exponent: 65537 (0x10001)
TrendingView:         X509v3 extensions:
TrendingView:             X509v3 Basic Constraints: critical
TrendingView:                 CA:TRUE, pathlen:0
TrendingView:             X509v3 Key Usage: critical
TrendingView:                 Digital Signature, Certificate Sign, CRL Sign
TrendingView:             X509v3 Extended Key Usage: 
TrendingView:                 TLS Web Server Authentication, TLS Web Client Authentication
TrendingView:             Authority Information Access: 
TrendingView:                 OCSP - URI:http://ocsp.digicert.com
TrendingView:             X509v3 CRL Distribution Points: 
TrendingView:                 Full Name:
TrendingView:                   URI:http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl
TrendingView:             X509v3 Certificate Policies: 
TrendingView:                 Policy: X509v3 Any Policy
TrendingView:                   CPS: https://www.digicert.com/CPS
TrendingView:             X509v3 Subject Key Identifier: 
TrendingView:                 51:68:FF:90:AF:02:07:75:3C:CC:D9:65:64:62:A2:12:B8:59:72:3B
TrendingView:             X509v3 Authority Key Identifier: 
TrendingView:                 keyid:B1:3E:C3:69:03:F8:BF:47:01:D4:98:26:1A:08:02:EF:63:64:2B:C3
TrendingView:     Signature Algorithm: sha256WithRSAEncryption
TrendingView:   at okhttp3.internal.tls.CertificateChainCleaner.clean(CertificateChainCleaner.java:88)
TrendingView:   at okhttp3.CertificatePinner.check(CertificatePinner.java:151)
TrendingView:   at okhttp3.internal.io.RealConnection.connectTls(RealConnection.java:208)
TrendingView:   at okhttp3.internal.io.RealConnection.connectSocket(RealConnection.java:148)
TrendingView:   at okhttp3.internal.io.RealConnection.connect(RealConnection.java:111)
TrendingView:   at okhttp3.internal.http.StreamAllocation.findConnection(StreamAllocation.java:188)
TrendingView:   at okhttp3.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:127)
TrendingView:   at okhttp3.internal.http.StreamAllocation.newStream(StreamAllocation.java:97)
TrendingView:   at okhttp3.internal.http.HttpEngine.connect(HttpEngine.java:289)
TrendingView:   at okhttp3.internal.http.HttpEngine.sendRequest(HttpEngine.java:241)
TrendingView:   at okhttp3.RealCall.getResponse(RealCall.java:240)
TrendingView:   at okhttp3.RealCall$ApplicationInterceptorChain.proceed(RealCall.java:198)
TrendingView:   at okhttp3.logging.HttpLoggingInterceptor.intercept(HttpLoggingInterceptor.java:203)
TrendingView:   at okhttp3.RealCall$ApplicationInterceptorChain.proceed(RealCall.java:187)
TrendingView:   at com.jakewharton.u2020.data.api.oauth.OauthInterceptor.intercept(OauthInterceptor.java:25)
TrendingView:   at okhttp3.RealCall$ApplicationInterceptorChain.proceed(RealCall.java:187)
TrendingView:   at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:160)
TrendingView:   at okhttp3.RealCall.execute(RealCall.java:57)
TrendingView:   at retrofit2.OkHttpCall.execute(OkHttpCall.java:177)
TrendingView:   at retrofit2.adapter.rxjava.RxJavaCallAdapterFactory$CallOnSubscribe.call(RxJavaCallAdapterFactory.java:111)
TrendingView:   at retrofit2.adapter.rxjava.RxJavaCallAdapterFactory$CallOnSubscribe.call(RxJavaCallAdapterFactory.java:92)
TrendingView:   at rx.Observable$2.call(Observable.java:162)
TrendingView:   at rx.Observable$2.call(Observable.java:154)
TrendingView:   at rx.Observable$2.call(Observable.java:162)
TrendingView:   at rx.Observable$2.call(Observable.java:154)
TrendingView:   at rx.Observable.unsafeSubscribe(Observable.java:8098)
TrendingView:   at rx.internal.operators.OperatorSubscribeOn$1$1.call(OperatorSubscribeOn.java:62)
TrendingView:   at rx.internal.schedulers.ScheduledAction.run(ScheduledAction.java:55)
TrendingView:   at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:423)
TrendingView:   at java.util.concurrent.FutureTask.run(FutureTask.java:237)
TrendingView:   at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:269)
TrendingView:   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1113)
TrendingView:   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:588)
TrendingView:   at java.lang.Thread.run(Thread.java:818)
JakeWharton commented 8 years ago

That socket factory is not used for connecting to the production endpoint. It's not used at all in u2020, actually, since there is no staging endpoint for us to connect to. I can't reproduce this. Got any more info?

alexrwegener commented 8 years ago

I can confirm the same error message if you switch the endpoint to production in the internal debug build.

arturdryomov commented 8 years ago

I’ve cloned the most recent master which is 6866f36 at this point, run ./gradlew assembleDebug, installed the internal debug build, chose the production endpoint and saw the error state in the application. The exception I’ve posted was in the logcat.

JakeWharton commented 8 years ago

Will be fixed by https://github.com/square/okhttp/pull/2330